US requires water supply systems to be evaluated for cybersecurity as part of national protection program
The United States government has mandated that states evaluate the cybersecurity of public water supply systems. This comes as part of the White House program aimed at protecting critical infrastructure in the country from potential cyber attacks by other states and cyber criminals.
The Environmental Protection Agency (EPA) has developed measures to ensure public water supply companies protect their systems and comply with requirements for cybersecurity assessments. The requirements were put in place because a considerable number of public water supply systems do not have adequate cyber protection, either due to limited budgets or outdated electronic systems.
According to the EPA, public water supply systems are frequently targeted through cyber attacks, which have the potential to cause damage to the processing and distribution of drinking water. In the US, there are roughly 153,000 public water supply systems providing drinking water to 80% of the population. The growing number of electronic control systems over the past 20 years has led to an increased vulnerability to cyber attacks.
If a public water supply system relies on an industrial control system (ICS), the cyber assessment must also include operating technologies (OT).
The EPA has stated that where “significant deficiencies” are noted in a water supply system’s cybersecurity, problems must be rectified by the state. This could include design problems, improper operation or the failure of cleaning systems, as well as incorrect storage or distribution of water. Companies have also been allowed to hire third-party cybersecurity specialists to assess and install protection. The EPA is also willing to provide technical assistance, training and financial support to companies through specialized programs.
Source: https://www.epa.gov/waterriskassessment/epa-cibersecurity-water-Sector